Analysis
-
max time kernel
144s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
27/01/2024, 13:49
General
-
Target
2024-01-27_f973b94b171c96235f2f3c538dfd151a_goldeneye.exe
-
Size
168KB
-
MD5
f973b94b171c96235f2f3c538dfd151a
-
SHA1
34a84f2d123c99a963e4eb47496299d5d15c3c1b
-
SHA256
a23602583b1c9700f9dc098b4b8fa70a29b59356f3d92e1550b0e10a258e8fde
-
SHA512
56026005cb2c0630b3ecb06a328b6be142ec2ce83e3b8b55ba845e0a53f3c9493123636500f78344ef6ad5429829f000653d64a1a97bcd6bd169e34d0ee20d9b
-
SSDEEP
1536:1EGh0o7lq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0o7lqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-27_f973b94b171c96235f2f3c538dfd151a_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-27_f973b94b171c96235f2f3c538dfd151a_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{40AB139A-314C-49e4-854E-98969DF47776}.exeC:\Windows\{40AB139A-314C-49e4-854E-98969DF47776}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7888A355-9460-4ec8-80D9-03882684AA12}.exeC:\Windows\{7888A355-9460-4ec8-80D9-03882684AA12}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1AC1499E-D251-4918-B294-9677FA956C9E}.exeC:\Windows\{1AC1499E-D251-4918-B294-9677FA956C9E}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{72020C22-6A6E-4095-AC80-B20CA92FF1B5}.exeC:\Windows\{72020C22-6A6E-4095-AC80-B20CA92FF1B5}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{28F8FAB1-33C2-40ca-95C8-880F4505F7AD}.exeC:\Windows\{28F8FAB1-33C2-40ca-95C8-880F4505F7AD}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8A2AD001-1B91-4c71-A1DD-5CFEE81CEBED}.exeC:\Windows\{8A2AD001-1B91-4c71-A1DD-5CFEE81CEBED}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{67FACD5B-05B7-42e4-A6CF-24594232BD65}.exeC:\Windows\{67FACD5B-05B7-42e4-A6CF-24594232BD65}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{05CC5C46-5DC6-4be3-A682-601B6D8B1B1B}.exeC:\Windows\{05CC5C46-5DC6-4be3-A682-601B6D8B1B1B}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{605CDE9F-08E6-4fb8-BA84-0991D58AC859}.exeC:\Windows\{605CDE9F-08E6-4fb8-BA84-0991D58AC859}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6AFFD4EF-4DED-46a2-A585-68E37434CB04}.exeC:\Windows\{6AFFD4EF-4DED-46a2-A585-68E37434CB04}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{2D9C03E7-BDB7-4700-BD73-7CB6DA44214B}.exeC:\Windows\{2D9C03E7-BDB7-4700-BD73-7CB6DA44214B}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6AFFD~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{605CD~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{05CC5~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{67FAC~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8A2AD~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{28F8F~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{72020~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1AC14~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7888A~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{40AB1~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD5083934f10cd04a4188d3521c1bfaf0c4
SHA129435cd041752082e7e0e3efeeda7e8b3ec0b6c0
SHA256f7b17d177fa0b2f394444edc9f3f037964a4a60655646d25b0320e72be3fe067
SHA5120eb6979777477e7369199a5e1eecb2c6ecfd279ce83bb7909c8355b28fbf1f0c53493d5e5c880ccffd7c2e2ca9e3c4e1929311105176a143d8fae1abcdc216cc
-
Filesize
168KB
MD550db888e9c0bac87749983b1623ccbd1
SHA193a86d32d6abd21a6a971f997e46fe6917aea551
SHA256dff4b9fa4ff25f90f19e2ca9b8d9e8be12e248ee4995eb3bc1df9d7a6853a324
SHA51246472980bb5ce2bf5b736554aaf3eace31e5248df77001789639198bd18f07d936e098a3c88c01d37dd62a1f95b4616d9baf085e450380c388c35c76ddf6de82
-
Filesize
168KB
MD58726a9188edd98cb2529a3047cdd6c42
SHA155bce8cc97e38dc447e2f1f5cc6518d41169b6b1
SHA256c8d264e181c5cc0bfe54ad91b94cf175e78b3663189cc21a29ac0a424d0d5342
SHA512c1c92db361be38a10157e5cf1a12adf83495eacfb4ec9e59b094d33e09354c9a58b8c6ac5a7026dc87024d7a291d1985f44d10b5b235c88a1b4fc2346406f2bf
-
Filesize
168KB
MD56886829beff823faf163f4ef6b6b94c4
SHA1687f2962216918eba82ea271354fec5cfbc82a2f
SHA256f930e11b4115dca4c2dca9c9f3da9e6bdbee0b69ba01de97801849f4ca943740
SHA5126a1e0ca9ff8871dd55bf113d7e6a06d59a462466d269510eed66aa139de4410839253372cde01384a52e6f2881dd61346181361f4def58e8e5dc50b49713455a
-
Filesize
168KB
MD57c9346080f85a4825df10f6733ff8235
SHA18b1e5f21e673edd30ec3d176d4f9bc85244eac3d
SHA256d04d11f82d1ed25e195943aaf83d4af5fe86d9b85d818a737ca8ab65d97c03ec
SHA5125b7a02ea9542b52d72a9d6172baa112ccf8691d21e271631a025bd512a68596f4aa2c6ca97a72de286fd32f0edab817a4e63e166f05de5b2233e41bfd50a0fe7
-
Filesize
168KB
MD523146b03d4818e3fdf5baba2c9872cd5
SHA1c1b1b9654a5d26341f7e29ddee3fd9f29b284f37
SHA2569e74e6dc3e1063c85d45316a8d3d301d5fa3a7f38e622676fc3ff975c0859892
SHA51206583020f4ec348be1659d65f2a057b0d0447f4667cc58762639f40b5d90a0b463c6242c96cff41304d177d289ea5c8df30d5594c04df80b3ab20dc62192acb1
-
Filesize
168KB
MD520e95da790de68ac342c96bd46ac72a5
SHA1b6343c916197d2344dc8037aa61aa3fd7aad6add
SHA256b8da73ce9a449c254350c3bc8fb358e77c575a108c6d574b7ac7626a5915c7aa
SHA5122b8a9357a0a6334aedcf02715281931e9b6f1a48ec143a6123f08115166fd28efe1034dc37b79dd37f2ed500ce5faadc7aee05b2ec343c4f1f2626b5337026fb
-
Filesize
168KB
MD5e744e0d4167b893ea6b27bbb867f7eab
SHA158c3359819fd497038ef15b84b20c56a5450d202
SHA256c8c5c9a0f120d7b0076f7cbe72de899e058bba18872fa8446f8080ad8dec7d81
SHA512d737a630d20949926ab8465e7619cd2efb6bc29cd6cdb6f949423c5271c31b7a7e572e8c1c4ac5501226165d2b50f04bf44887dd6e547d012c386138d614968f
-
Filesize
168KB
MD505627aa416144c7dd4cee9c2cb30fd26
SHA123c4b10f8520d2d205b05b038ea0465f68175d3d
SHA256093aa3c4519bf6b434a295110a3892a8fa95517a65b25689f97d9188544f7fc9
SHA51266817c5afaf54e9b79d3e97ca3508928785dac8d478a644911f580e24754db01af3e4d462a63f7cfb54940c3470b665b5671081e23e7de4fa68dac53e4bd7699
-
Filesize
168KB
MD5c5f0570d28c7ff3fb5b6946bc8edb256
SHA110ee5b875bb36374e5f8e920f633b20f58a60527
SHA25690bcac18a6cc7a129b53df3101ab6fb21490aa0d59b6c070002ee5554b22b001
SHA512ac7f164dcda7f80a30b683417ea6683679fc851add828c872ac5f9d193eb19f2870b8f830976331b686375456729bf172018f7b025f5be880df719869fc46356
-
Filesize
168KB
MD553a440a42e1762776fb28ccadccf355e
SHA1ad3bdcb5c455b8f3f091e5ce86217f8e7dcc7745
SHA25631b5b2940265cd0b504c48402cfc59d62b0c6607c0da7c94f91bb9f46d0808b0
SHA512b6ea6d2f6b50748b1928bb5b826e26fa052a0b007ac9593d39e060583cc908b904a5ad0e738b531560846d5ac7815cad8c1c57cb346a8131fb2709d808ae75d5